Kaspersky to US: Check Our Source Code

By Richard Adhikari
May 27, 2017 4:07 PM PT

Cybersecurity expert Eugene Kaspersky has volunteered to turn over his company's software source code to allay fears about possible ties with the Russian government, The Australian reported last week. Kaspersky made the offer public at CeBIT Australia.

Some U.S. officials have expressed concerns that Kaspersky Lab might have a close working relationship with the Russian government.

Kaspersky five years ago replaced a number of high-level managers with people who had ties to Russia's military or intelligence services, Bloomberg reported in 2015.

Some of them reportedly have provided data from the 400 million customers using Kaspersky's software to Russia's intelligence agency, the FSB.

Also, Kaspersky himself reportedly visits saunas with Russian officials on a regular basis.

Kaspersky studied at a university backed by the KGB -- the precursor of the FSB -- in the 1980s, according to reports, and he served as a software engineer with Soviet military intelligence before leaving for the private sector.

The heads of five U.S. intelligence agencies recently expressed suspicions regarding Kaspersky Lab to the U.S. Senate Select Committee on Intelligence, but they "don't have an option due to political reasons," Kaspersky
suggested on Reddit.

"Recently, inaccurate statement and claims about Kaspersky Lab have circulated in public," the company said in a statement provided to TechNewsWorld by corporate communications manager Denise Bertrand.

"Eugene never worked for the Russian government," Kapersky Lab contended. "He grew up in the Soviet Union era when almost every education opportunity was sponsored by the government in some manner."

The university Kaspersky studied at "was sponsored by four state institutions, one of which was the KGB," Kaspersky Lab said. He was placed at a Russian Ministry of Defense scientific institute as a software engineer upon graduating, because "it was routine for university faculty to determine students' post-graduate positions."

Stirring a Hornet's Nest

Kaspersky did itself no favors with its all-out pursuit of hackers and malware authors linked to the U.S.

It has uncovered sophisticated malware or spyware connected to U.S. intelligence sources, including Stuxnet, Flame, Shamoon, and The Equation Group.

Kaspersky didn't seem to look equally hard for state-sponsored malware released by Russia, an acknowledged haven for cybercriminals.

Possibly because of that, and also because of the controversy surrounding Russia's possible meddling in the U.S. presidential elections, Kaspersky now is under the microscope.

The FBI is looking into Kaspersky's ties with the Russian government, as is the Senate.

Separately, the NSA and the UK's GCHQ reportedly have been trying to hack into Kaspersky for years.

Is Kaspersky Targeted Unfairly?

The NSA could be behind the latest scrutiny of Kaspersky Lab and its CEO.

"Doing so while operating out of Russia would be even more problematic," he told TechNewsWorld.

However, the likelihood of Kaspersky maintaining a wall between its work with the FSB and Russian government, and its work with other clients is effectively zero," said Michael Jude, a program manager at Stratecast/Frost & Sullivan.

Like a John LeCarre Novel

The situation is "like a John LeCarre novel come to life," said Laura DiDio, principal analyst at ITIC.

"You're not going to be able to prove absolutely whether or not Kaspersky has ties to the Russian government, she told TechNewsWorld.

"He has done all he can do -- offer to give the U.S. government his source code," she pointed out.

"The problem isn't whether Russia built a back door into the Kaspersky code, but that Russia may have copies of the source code," Jude told TechNewsWorld.

"Regardless of whom Kaspersky turns his code over to, his reputation is shot," Jude said. "If it's Russia, the U.S. market is dead; if it's the U.S., then just about every non-U.S. market is dead."

Richard Adhikari has been an ECT News Network reporter since 2008. His areas of focus include cybersecurity, mobile technologies, CRM, databases, software development, mainframe and mid-range computing, and application development. He has written and edited for numerous publications, including Information Week and Computerworld. He is the author of two books on client/server technology.
Email Richard.